(RT) PAC

Team Members:

Brendan Carell

Tim Thornton

(Real Time) Packet Analysis and Capture

Background

libpcap

  • C/C++ packet capture library
  • developed by the tcpdump group
  • will be used from a C/C++ application

Network entropy

Statistics

  • most used ports
  • most active ip addresses
  • average packet size
  • average traffic amounts
  • property distributions

Network anomalies

  • normalize entropy
  • look for packets at least n standard deviations from normal
  • Shannon entropy

Entropy Anomaly Detection

  • A B C D A B C D A B C D: maximum uncertainty
  • A B C D B B B B B B B B: uncertainty begins to approach zero

Goal and Expected Result

Primary

Secondary

  • Capture of packets in real time
  • Analysis and report of packet statistics for network administration
  • Calculation of global and local entropy
  • Usage of entropy comparison for anomalous network detection

Execution Plan

Packet Capture Subgoals (target dates)

  1. Capture and storage of packets in real time from interface (Wed 12 Nov)
  2. Analysis and report of packet statistics (Wed 19 Nov)
  3. Calculation of baseline entropy (Mon 24 Nov)
  4. Report (~Sun 7 Dec)

Execution Plan

(Extended Goals)

Anomaly Detection Subgoals (target dates)

  1. Calculation of relative window entropy (Wed 3 Dec)
  2. Detection of anomalous network usage (Wed 3 Dec)

Fin.

3203 Presentation

By igorii